General

  • Target

    nozomi.exe

  • Size

    3.6MB

  • Sample

    240923-zdc8satdrf

  • MD5

    7dc85e203f978618abeca0f1533fcfd9

  • SHA1

    fb254f5df3d0ffe42b910afa33c3cc36f2fd00a4

  • SHA256

    860f82416c505a7938a5e51e784bfe4e021b5f0f3487883d5e941c22d2844f7e

  • SHA512

    61dc510ce975ca2f705fe7358a9a9bded55d31b5868c37fe2b024db0902fb040ed4d2bb3ee974db8de543e72b40927784ce852367ac7d4ff41c129d4879a8112

  • SSDEEP

    49152:XnAQqMSPbcBV5RdhnvxJM0H9PAMEcaEau3R8yAH1plAHI:XDqPoBZdhvxWa9P593R8yAVp2HI

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3073) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
